Migrating users from MySQL running on-premises or in AWS RDS to Azure Database for MySQL

This post has been republished via RSS; it originally appeared at: New blog articles in Microsoft Tech Community.

Introduction

To provide a managed service experience, all managed offerings of MySQL restrict access to certain advanced privileges, such as SUPER, SHUTDOWN, FILE, and CREATE TABLESPACE. Every instance of MySQL has some users with these advanced privileges, and you can’t migrate these users directly from an instance of MySQL running on-premises or in AWS RDS to Azure Database for MySQL.

This blog post explains how to migrate MySQL users from an instance of MySQL running on-premises or in AWS RDS to Azure Database for MySQL.

Prerequisites

To prepare for migrating users from AWS RDS/On-premises MySQL, you need:

A Linux Virtual Machine (VM) running Ubuntu. For more information, see Create a Linux virtual machine in the Azure portal.
An Azure Database for MySQL server to which you want to migrate your users. For more information, see Create an Azure Database for MySQL server by using the Azure portal.
Firewall rules allowing the Linux VM to connect to the Azure Database for MySQL master server. For more information, see Create a server-level firewall rule in the Azure portal.
A clean local MySQL server running a version consistent with the MySQL version to which you want to migrate.

Process

Migrating users from AWS RDS/on-premises MySQL to Azure Database for MySQL involves three primary tasks:

Fetching users from the AWS RDS/on-premises MySQL and creating the file with revoke queries for SUPER, SHUTDOWN, FILE, and CREATE TABLESPACE.
Restoring users to the clean local MySQL server and creating a file with user to export to Azure Database for MySQL
Importing users to Azure Database for MySQL

Fetching users

The first thing you need to do is to fetch users from the AWS RDS/on-premises MySQL (Server A, for the purposes of this post) and then create the file with revoke queries for SUPER, SHUTDOWN, FILE, and CREATE TABLESPACE.

To create a user list with all users except localhost users and proxy accounts:

Log in to the Linux VM running Ubuntu.
Create the get_user_list.sql file in any folder (in this post, we use a named “sql”), and then copy the content below into the file:SELECT group_concat(concat("'",user,"'@'",host,"'")) FROM mysql.user WHERE host not in ('localhost','127.0.0.1') AND user not in (select user from mysql.proxies_priv where proxied_user <> ''); 3. Create a user list with all users except localhost and proxy accounts by running the following command:USERLIST=$(mysql -h$Ahost -u$Auser -P$Aport -Nf -p < sql/get_user_list.sql)

To remove the SUPER, SHUTDOWN, FILE, and CREATE TABLESPACE privileges from all users:

Create the get_revoke_list.sql file in the “sql” folder, and then copy the below content into the file:SELECT concat("REVOKE SUPER, SHUTDOWN, FILE, CREATE TABLESPACE ON *.* FROM '",user,"'@'",host,"';") as 'query' from mysql.user WHERE host not in ('localhost', '127.0.0.1') AND user not in (SELECT user from mysql.proxies_priv where proxied_user <> '');
To create a revoke.sql file that contains the commands with revoke SUPER, SHUTDOWN, FILE, CREATE TABLESPACE privileges, run the following command.mysql -h$Ahost -u$Auser -P$Aport -Nf -p < sql/get_revoke_list.sql > sql/revoke.sql
To create apply1.sql file with the user privileges, use the percona-toolkit - pt-show-grants program by running the following command:sudo apt install percona-toolkit #This will install the percona toolkit pt-show-grants --host=$Ahost --port=$Aport --user=$Auser --only=$USERLIST --ask-pass > sql/apply1.sql

The above statement will create the file, which will contain the create statements for all the supported user with appropriate permissions, in the ‘sql’ folder.

Restoring users

Next, we need to restore the users we fetched previously to the clean local MySQL server (Server B, for the purposes of this post), and then create a file with the users to export to Azure Database for MySQL.

To create users identified in Step 1 in Server B, run the following command:USERLIST=$(mysql -h$Bhost -u$Buser -P$Bport -f -p < sql/apply1.sql)
To revoke the unsupported privileges identified above from the users you just created in Server B, run the following command:mysql -h$Bhost -u$Buser -P$Bport -f -p < sql/revoke.sql
To create the user privileges file, use the percona-toolkit - pt-show-grants program by running the following command:pt-show-grants --host=$Bhost --port=$Bport --user=$Buser --only=$USERLIST --ask-pass > sql/apply.sql

Importing users

Finally, we need to import the users from the file created above to Azure Database for MySQL by running the following command:

mysql -hmydemoserver.mysql.database.azure.com -umydemouser@mydemoserver -p <sql/apply.sql

Conclusion

That’s it – you’re all done with the process!

If you have any questions or trouble migrating MySQL users from an instance of MySQL running on-premises or in AWS RDS to Azure Database for MySQL, please contact the Azure Database for MySQL team at AskAzureDBforMySQL@service.microsoft.com.

Thank you!

Amol Bhatnagar

Program Manager - Microsoft